This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Bethany De Lude, CISO, The Carlyle Group
Missed the live show? Check it out on YouTube
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Recorded Future highlights the business impact of data breaches
Recorded Future’s Insikt Group has identified a 76% increase in publicly reported data breaches from 2022 to 2023, and even though there are two more weeks remaining in this year, Recorded Future’s data project a further 5% increase in 2024 compared to 2023. The group points out “the costliest impacts of data breaches in the last several years have been operational disruption, legal risks, and declining sales due to churn and loss of customer trust.” They add the real risk lies in “companies falling behind in their security strategy and failing to adopt a new way of thinking.”
Rhode Island and ConnectOnCall grapple with data breaches
Two stories this week highlight the theft of what appears to be low-priority data, but really is not. First, Rhode Island’s RIBridges system, managed by Deloitte, was hit by a ransomware attack likely tied to the Brain Cipher gang, exposing sensitive data like Social Security numbers and banking details of residents applying for public assistance programs. Then a healthcare SaaS company had to notify over 900,000 patients of a data breach in its telehealth subsidiary ConnectOnCall, which also included health-related data.
(Bleeping Computer), (The Register), (Bleeping Computer)
US weighs TP-Link ban
In other “banning things from China” news, the Wall Street Journal’s sources say that investigators at the US Commerce, Defense, and Justice departments have opened separate investigations into the router-maker TP-Link. The Defense Department is reportedly investigating national-security vulnerabilities in routers from China, and the Justice Department will look at whether TP-Link’s price discrepancies violate antitrust laws for selling below cost. TP-Link accounts for roughly 65% of the US home router market. Back in October, Microsoft reported that multiple Chinese threat actors were using a botnet called CovertNetwork-1658, made up almost entirely of TP-Link routers, to compromise Azure accounts.
(WSJ)
Huge thanks to our sponsor, ThreatLocker

ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team.
To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com.
Interpol kills off Pig Butchering
In recent years, the proliferation of online relationships and investment scams has made “Pig butchering” a fairly common thing to hear on this show. It derives from the idea that threat actors are metaphorically attempting to fatten up a potential victim for a more significant return. Now, Interpol is calling on the cybersecurity community, media, and law enforcement to retire the term in favor of the more descriptive “romance baiting.” Europol said referring to the practice as pig butchering dehumanizes and shames victims and that romance baiting highlights the emotional manipulation in these schemes, with more emphasis put on the threat actor’s tactics. This comes as part of a broader effort by Interpol to encourage victims of these frauds to come forward to authorities.
BeyondTrust suffers cyberattack
BeyondTrust, a cybersecurity company specializing in Privileged Access Management (PAM) and secure remote access solutions, itself suffered a cyberattack on December 2. “Its products are used by government agencies, tech firms, retail and e-commerce entities, healthcare organizations, energy and utility service providers, and the banking sector.” After detecting “anomalous behavior” it was determined that “hackers gained access to a Remote Support SaaS API key that allowed them to reset passwords for local application accounts.” BeyondTrust immediately revoked the API key, and notified known impacted customers. It is not yet clear whether the threat actors were able to use the compromised Remote Support SaaS instances to breach downstream customers.
AI-driven insurance claims chatbot left exposed to the internet
The healthcare giant Optum has now restricted access to an internal AI chatbot that had been used by employees to inquire about how to handle patient health insurance claims and disputes according to standard operating procedures (SOPs). This after Mossab Hussein, chief security officer and co-founder of cybersecurity firm spiderSilk, saw that its IP address was accessible online for anyone with a web browser. No password was required. The chatbot “did not appear to contain or produce sensitive personal or protected health information.” A spokesperson for Optum, whose parent company is UnitedHealth Group, told TechCrunch in a statement that “Optum’s SOP chatbot was a demo tool developed as a potential proof of concept but was never put into production and the site is no longer accessible.”






